top of page

Cybersecurity Weekly Update: 19-26 January 2026

  • Writer: SOC Team
    SOC Team
  • 6 days ago
  • 3 min read

1. Critical Cisco Unified Communications Zero-Day Exploited


Security reports confirm that a critical zero-day vulnerability affecting Cisco Unified Communications Manager (Unified CM) and related platforms (CVE-2026-20045) has been targeted by threat actors. The flaw allows remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests to management interfaces, and it has been patched under emergency advisories due to active exploitation attempt. (securityweek.com) 


Impact: Unified communications platforms power key services such as voice, messaging, and conferencing across enterprise environments in defence, healthcare, education, and finance. Unpatched systems may allow attackers to gain deeper access to internal networks and intercept sensitive communications.


Action: Apply the latest patches immediately. Restrict access to web management interfaces via firewalls and enforce multifactor authentication (MFA) on administrative accounts. Monitor logs for unusual management activity.


2. Chainlit AI Framework Vulnerabilities Could Leak Data


Two vulnerabilities in the Chainlit framework — CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (server-side request forgery) — have been disclosed, which can allow attackers to read arbitrary files (including credentials and configuration data) or perform SSRF requests from servers hosting the framework. These bugs impact installations of conversational AI applications and could expose sensitive internal information if exploited. (thehackernews.com) 


Impact: Organisations using Chainlit to deploy conversational interfaces, bots, or customer service automation risk data leakage should attackers gain access through web-facing or internal instances. Stolen API keys or credentials could enable further lateral movement or cloud infrastructure abuse.


Action: Update Chainlit to version 2.9.4 or later where these flaws have been addressed. Restrict network access to Chainlit servers and implement WAF rules to block suspicious SSRF and arbitrary file read patterns.


3. Automated FortiGate Attacks Abuse FortiCloud SSO


Security researchers reported active automated attacks abusing FortiCloud SSO on FortiGate firewalls, enabling adversaries to alter configurations, create VPN accounts, and establish persistence — even on patched devices. (thehackernews.com) 


Impact: Compromised firewall configurations can expose internal assets, weaken external defenses, and provide unauthorized remote access to critical infrastructure.


Action: Disable FortiCloud SSO where possible; restrict administrative access; enforce credential rotation; and monitor configuration logs for anomalies.


4. LastPass Warns of Fake Maintenance Phishing Campaign


LastPass warned of an ongoing phishing campaign that uses fake maintenance notification emails designed to trick users into entering their master passwords. These phishing messages may lead to credential theft and subsequent account compromise. (cyberpress.org) 


Impact: Credential theft from password vault services significantly elevates risk across all connected enterprise accounts and increases the likelihood of lateral compromise and identity fraud.


Action: Remind users to verify legitimate maintenance messages, reinforce MFA usage for critical identity services, and implement phishing‑resistant authentication where available.


5. Critical GNU InetUtils Vulnerability Allows Root Access


A critical vulnerability in GNU InetUtils’ telnetd component enables unauthenticated attackers to gain root privileges via input handling flaws. While legacy protocols like Telnet are uncommon in modern enterprise networks, many industrial and embedded systems still expose these services. (cyberpress.org) 


Impact: Unprotected Telnet services with this flaw can allow full system compromise, creating a beachhead for deeper intrusion — especially on unmanaged or IoT/OT devices.


Action: Disable legacy services where possible; remove Internet exposure of Telnet; and apply input validation and segmentation controls for devices that cannot be hardened.


Key Recommendations


  • Patch and prioritise critical systems: Apply emergency and high-severity patches promptly, particularly for unified communications platforms, firewall infrastructure, and externally exposed services.

  • Harden management and administrative access: Restrict access to management interfaces, enforce strong authentication (MFA where supported), and monitor administrative activity for signs of abuse or configuration tampering.

  • Reduce attack surface on perimeter and legacy systems: Disable unnecessary services such as Telnet, limit exposure of firewall and AI framework components, and segment OT/IoT and legacy environments from core enterprise networks.

  • Strengthen identity and credential protection: Assume credential exposure is ongoing. Enforce MFA for critical services, rotate credentials regularly, and monitor for leaked or reused credentials across enterprise systems.


 
 
bottom of page